ICSA-16-306-03 · Published 2025-06-05 · CISA ICS-CERT
Schneider Electric Unity PRO Control Flow Management Vulnerability
CVSS 7.5 (HIGH)
CVEs (1)
Remediations
- This vulnerability is made possible when no application program has been loaded in the simulator or when the application program loaded in the simulator is not password-protected.
- Schneider Electric recommends the following mitigation practices:
  - Upgrade to Unity PRO Version 11.1. By default, it is not possible to launch this version of the simulator without any Unity PRO application associated.
  - Exercise caution in selecting which project files are executed by the simulator. Do not trust files that come from unknown or untrusted sources.
  - Use strong passwords to protect applications. It is not possible to load or to modify this application without being authenticated once the password-protected application has been loaded onto the simulator.
- For more information on this vulnerability and more detailed mitigation instructions, please see Schneider Electric security notification SEVD-2016-288-01 at the following location: (http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-288-01)
Affected Vendors
Schneider Electric
Affected Products (1)
Schneider Electric · Unity PRO <V11.1